Never use deprecated fields, methods, or classes in new code. The Java SE 6 documentation provides a complete list of deprecated APIs \[[API 2006|AA. Bibliography#API 06]\]. Java provides a {{@deprecated}} annotation to indicate the deprecation of specific fields, methods, or classes.  For instance, many methods of {{java.util.Date}}, such as {{Date.getYear()}} have been explicitly deprecated.  The guideline [THI05-J. Do not use Thread.stop() to terminate threads] describes issues that can result from using the deprecated {{Thread.stop()}} method.

Obsolete fields, methods, or classes should not be used.  Java provides no annotation to indicate obsolescence; however several objects are documented as obsolete. For instance, the {{java.util.Dictionary}} class is marked as obsolete, and new code should use {{java.util.Map<K,V>}} instead \[[API 2006|AA. Bibliography#API 06]\].

Finally, several classes and methods impose particular limitations on their use. For instance, all of the subclasses of the abstract class java.text.Format are thread-unsafe. These classes must be avoided in multi-threaded code. For more information about thread-safety, see guideline TSM04-J. Document thread-safety and use annotations where applicable.

Obsolete Methods and Classes

The following methods and classes must not be used in new code:

Class or Method

Replacement

Guideline

java.lang.Character.isJavaLetter()

java.lang.Character.isJavaIdentifierStart()

 

java.lang.Character.isJavaLetterOrDigit()

java.lang.Character.isJavaIdentifierPart()

 

java.lang.Character.isSpace()

java.lang.Character.isWhitespace()

 

java.lang.Thread.stop()

 

THI05-J. Do not use Thread.stop() to terminate threads

java.util.Date, (many methods)

java.util.Calendar

 

java.util.Dictionary

java.util.Map<K,V>

 

java.util.Properties.save()

java.util.Properties.store()

 

Risk Assessment

Using deprecated or obsolete classes or methods in program code can lead to erroneous behavior.

Guideline

Severity

Likelihood

Remediation Cost

Priority

Level

MET15-J

high

likely

medium

P18

L1

Automated Detection

Detecting uses of deprecated methods is straightforward. Obsolete methods and thread-unsafe methods have no automatic means of detection.

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this guideline on the CERT website.

Bibliography

\[[API 2006|AA. Bibliography#API 06]\] [Deprecated API|http://java.sun.com/javase/6/docs/api/deprecated-list.html], [Dictionary|http://download.oracle.com/javase/6/docs/api/java/util/Dictionary.html]
\[[SDN 2008|AA. Bibliography#SDN 08]\] Bug database, [Bug ID 4264153|http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4264153]
\[[MITRE 2009|AA. Bibliography#MITRE 09]\] [CWE ID 589|http://cwe.mitre.org/data/definitions/589.html]

MET14-J. Follow the general contract when implementing the compareTo() method      05. Methods (MET)      MET17-J. Do not increase the accessibility of overridden or hidden methods